If this is indeed how copilot is archtected, then it needs clear documentation -- that it is a non-audited data store.

But how then did MS "fix" this bug? Did they stop pre-ingesting, indexing, and caching the content? I doubt that.

Pushing (defaulting) organizations to feed all their data to Copilot and then not providing an audit trail of data access on that replica data store -- feels like a fundamental gap that should be caught by a security 101 checklist.

How would you audit that?

If that's the case, then as noted in the article, the 'as intended' is probably violating liability requirements around various things.

Correct. It is precisely that a user can ask about someone’s medical history (or whatever else) and not be reported that would be in violation of any heavily audited system. LLM Summaries break the compliance.

You allow what it can and can't see. If you include PII and medical records, that's your fault, not MS's.

That’s fair - unless they’re marketing the bot as compliant.